Senior Security Risk Management Analyst
Bangalore
Rubrik
Organizations rely on Rubrik for resilience against cyber attacks and operational disruptions with automation, fast recovery and easy cloud adoption.
About the team:
The Information Security (InfoSec) organization advances the overall state of security at Rubrik through critical initiatives and coordination of large security projects. Information Security builds technologies, tools, and processes to better enable teams at Rubrik to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond to attacks against our systems, provides awareness education to teams on security best practices for data protection, and ensures data sharing relationships with third parties in order to securely protect Rubrik information.
About the role:
We are looking for an experienced Senior Risk Management Analyst to be a part of our security risk management team. This role will focus on building and supporting a first-line security risk oversight function. Help us elevate and accelerate the maturity of our risk management by leading prioritized activities related to our security risk management strategy. The successful candidate would lead the revamp of our risk management program, focusing on quantitative risk analysis, findings board operations, maintaining a robust risk register and supporting stakeholder engagement for efficient risk reporting. The ideal candidate will be a strategic thinker with strong analytical skills and the ability to communicate effectively with stakeholders at all levels.
What You’ll Do:
- Risk Analysis and Triage
  - Conduct initial risk assessments and triage incoming security issues
  - Conduct comprehensive quantitative and qualitative risk analyses
  - Execute targeted Operational Risk Assessments
  - Evaluate security risks in new and existing applications, software, and specialized utility programs
- Ticket Management and Follow-up
  - Spearhead findings board operations, including issue triage and criticality analysis
  - Designate and manage risk owners and delegates for identified risks
  - Orchestrate risk remediation discussions and ensure implementation of actionable technical solutions
  - Maintain and optimize the risk register and findings database
  - Lead cross-functional initiatives for the remediation of technical security and compliance risks, including meeting facilitation, work item assignment, and progress tracking
- Operational-Level Metric Reporting
  - Develop and maintain operational-level risk management reports
  - Create and update security posture reports for business departments and product offerings
  - Design and implement data-driven risk management metrics to enhance decision-making and demonstrate the effectiveness of risk mitigation strategies
  - Produce visually appealing and informative risk dashboards that effectively communicate risk information at the operational level
  - Collaborate with business units to ensure risk reporting aligns with organizational objectives
- Program Oversight and Improvement
  - Assess and enhance security initiatives to mitigate current risk landscape and anticipated threats
  - Collaborate with cross-functional teams to drive the remediation of technical security and compliance risks
  - Continuously refine the content, quality, and timeliness of risk-related reporting
  - Stay updated on risk management methodologies and security technologies to improve the effectiveness of the risk management program
Experience You’ll Need:
- 7+ years of experience in Information Security Governance, Risk and Compliance (GRC) or relevant Compliance roles in the tech industry
- Proven track record of driving security and operational risk processes within a modern risk oversight function
- Advanced knowledge of risk quantification principles and experience implementing FAIR-like approaches
- Strong understanding of common security risks, vulnerabilities, and threats
- Expertise in relevant information security frameworks (ISO 27001/2, FedRAMP, SOC 2, CIS Top 20, PCI DSS, NIST CSF, HIPAA)
- Proficiency in audit and risk management methodologies (SOX, COBIT, NIST RMF)
- Hands-on experience with data analytics and BI tools (e.g., Power BI) and agile project management tools (e.g., Jira)
- Executive presence with the ability to represent a vision and build consensus across diverse partners
- Detail-oriented and able to understand the bigger picture by using your technical expertise and problem-solving abilities to prioritize and manage blocking issues.
- Ability to ramp up quickly and learn new technologies with minimal lag time.
- Able to discuss issues at technical and business levels with audiences of various backgrounds.
- Bachelor's degree in Security, Computer Science, or related field; Master's degree preferred
- Professional certifications such as CISA, CISM, CRISC, CGEIT, or CISSP
- Experience in high-growth SaaS and data management industries is a plus
Join Us in Securing the World's Data
Rubrik (NYSE: RBRK) is on a mission to secure the world’s data. With Zero Trust Data Security™, we help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.
Diversity, Equity & Inclusion @ Rubrik
At Rubrik we are committed to building and sustaining a culture where people of all backgrounds are valued, know they belong, and believe they can succeed here.
Rubrik's goal is to hire and promote the best person for the job, no matter their background. In doing so, Rubrik is committed to correcting systemic processes and cultural norms that have prevented equal representation. This means we review our current efforts with the intent to offer fair hiring, promotion, and compensation opportunities to people from historically underrepresented communities, and strive to create a company culture where all employees feel they can bring their authentic selves to work and be successful.
Our DEI strategy focuses on three core areas of our business and culture:
- Our Company: Build a diverse company that provides equitable access to growth and success for all employees globally.
- Our Culture: Create an inclusive environment where authenticity thrives and people of all backgrounds feel like they belong.
- Our Communities: Expand our commitment to diversity, equity, & inclusion within and beyond our company walls to invest in future generations of underrepresented talent and bring innovation to our clients.
Equal Opportunity Employer/Veterans/Disabled
Rubrik is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
Rubrik provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Rubrik complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact us at hr@rubrik.com if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.
Perks/benefits: Career development Equity / stock options Startup environment Team events Transparency